prosody
02735bc82126
plugins/mod_websocket.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_websocket.lua @ 9795:02735bc82126

mod_websocket: Drop CORS code in favor of that in mod_http Like for mod_bosh, deprecates consider_websocket_secure and depend on mod_http_crossdomain if it is set.
author Kim Alvefur <zash@zash.se>
date Thu, 04 Oct 2018 12:24:08 +0200
parent 9415:02155a10c5e9
child 9799:7259a61bacc8
comparison
equal deleted inserted replaced
9794:4b5c24f13d4a 9795:02735bc82126
27 27
28 local t_concat = table.concat; 28 local t_concat = table.concat;
29 29
30 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); 30 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
31 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure"); 31 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
32 local cross_domain = module:get_option_set("cross_domain_websocket", {}); 32 local cross_domain = module:get_option("cross_domain_websocket");
33 if cross_domain:contains("*") or cross_domain:contains(true) then 33 if cross_domain ~= nil then
34 cross_domain = true; 34 module:log("info", "The 'cross_domain_websocket' option has been deprecated");
35 end 35 module:depends("http_crossdomain");
36 36 end
37 local function check_origin(origin)
38 if cross_domain == true then
39 return true;
40 end
41 return cross_domain:contains(origin);
42 end
43
44 local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; 37 local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing";
45 local xmlns_streams = "http://etherx.jabber.org/streams"; 38 local xmlns_streams = "http://etherx.jabber.org/streams";
46 local xmlns_client = "jabber:client"; 39 local xmlns_client = "jabber:client";
47 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; 40 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
48 41
154 local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp"); 147 local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp");
155 148
156 if not wants_xmpp then 149 if not wants_xmpp then
157 module:log("debug", "Client didn't want to talk XMPP, list of protocols was %s", request.headers.sec_websocket_protocol or "(empty)"); 150 module:log("debug", "Client didn't want to talk XMPP, list of protocols was %s", request.headers.sec_websocket_protocol or "(empty)");
158 return 501; 151 return 501;
159 end
160
161 if not check_origin(request.headers.origin or "") then
162 module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket'", request.headers.origin or "(missing header)");
163 return 403;
164 end 152 end
165 153
166 local function websocket_close(code, message) 154 local function websocket_close(code, message)
167 conn:write(build_close(code, message)); 155 conn:write(build_close(code, message));
168 conn:close(); 156 conn:close();
327 }; 315 };
328 }); 316 });
329 317
330 function module.add_host(module) 318 function module.add_host(module)
331 module:hook("c2s-read-timeout", keepalive, -0.9); 319 module:hook("c2s-read-timeout", keepalive, -0.9);
332 320 end
333 if cross_domain ~= true then
334 local url = require "socket.url";
335 local ws_url = module:http_url("websocket", "xmpp-websocket");
336 local url_components = url.parse(ws_url);
337 -- The 'Origin' consists of the base URL without path
338 url_components.path = nil;
339 local this_origin = url.build(url_components);
340 local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin });
341 -- Don't add / remove something added by another host
342 -- This might be weird with random load order
343 local_cross_domain:exclude(cross_domain);
344 cross_domain:include(local_cross_domain);
345 module:log("debug", "cross_domain = %s", tostring(cross_domain));
346 function module.unload()
347 cross_domain:exclude(local_cross_domain);
348 end
349 end
350 end